Q about azure-native: KeyVault & Certificates....
# azure
Q about azure-native: KeyVault & Certificates. I’ve created a cert in a KeyVault, which I can fetch via
. But I don’t see any function to retrieve the Certificate (I need the thumbprint, for example. Any ideas?
I can get it by running
az keyvault certificate show --vault <vault> -n <certName> --query "x509ThumbprintHex" -o tsv
what would be the easiest way to do the same in Pulumi?
Oo, just found
had a stdout. Resolves my issue.
Copy code
var getThumb = new Command("getThumb", new CommandArgs
    Create = "az keyvault certificate show --vault $VAULT -n $NAME --query \"x509ThumbprintHex\" -o tsv",
    Environment =
        { "NAME", certName },
        { "VAULT", vault.Name },
Retrieving the values of secrets, including certs, is not available through Pulumi since this is a data-plane operation. See this (pretty hidden) note on https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/getsecret/#secretpropertiesresponse:
Users should use the data-plane REST service for interaction with vault secrets.
Glad you found another way. Using the Azure SDK would be another one.
👍 2
Makes sense. And thanks for the tip on Azure SDK — I guess that makes a lot more sense that parsing stdout 😄